Our favorite 5 hacking items

1. Tutorial of the week

This tutorial presents great OSINT techniques for finding sensitive information leaked by employees.
A tool, LeakFinder, is also provided to automate the process. The author used it successfully on 2 bug bounty programs but the reports have not yet been disclosed.

2. Writeup of the week

This is a great writeup about finding an XXE using Burp Collaborator.
If you read only one writeup this week, it should be this one: it’s well written, references good articles, presents a detailed methodology and a high impact vulnerability.

3. Conference of the week

Amongst the several security conference videos that were released lately, I particularly enjoyed watching Frans Rosén’s talk at Security Fest. He explains how he found many critical vulnerabilities and the tricks he used to win $45,000 in bug bounties.

4. Tool of the week

Archaeologit scans the full commit history of a user’s GitHub repositories for a given pattern, so it also surfaces sensitive data that was committed and later removed from the working tree. That makes it useful for finding information leaked by a target company’s employees while pentesting and bug bounty hunting.
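The technique behind such tools is simply to grep every reachable commit rather than only the current checkout. The script below is an added illustration of that idea, not Archaeologit’s own code: it builds a small constructed repository in which a fake AWS-style key is committed and then deleted, and shows that a history-wide search still finds it. The repository name, file name, key value and regex are all assumptions made for the example; it only needs `git` on the PATH.

```shell
#!/usr/bin/env bash
# Added example (not Archaeologit's code): grep every commit reachable in a
# repository for a pattern, so that secrets deleted from the working tree but
# still present in history are found. Requires git on the PATH.
set -eu

# scan_history <repo_dir> <extended-regex>
# Prints one "<commit>:<path>:<line-no>:<text>" line per historical match,
# de-duplicated. Files deleted in later commits still match because git grep
# is run against every commit from `git rev-list --all`, not just HEAD.
scan_history() {
  local repo="$1" pattern="$2"
  local revs
  revs=$(git -C "$repo" rev-list --all)
  # git grep exits 1 when nothing matches; for a scanner that is not an error.
  # $revs is intentionally unquoted so each commit becomes its own argument.
  git -C "$repo" grep -I -n -E -e "$pattern" $revs 2>/dev/null | sort -u || true
}

# count_matches <repo_dir> <extended-regex>: number of matching historical lines.
count_matches() {
  scan_history "$1" "$2" | grep -c . || true
}

# build_demo_repo <dir>
# Constructed sample repository: a .env file with a fake AWS-style access key
# is committed, then deleted in a later commit. HEAD is clean; history is not.
build_demo_repo() {
  local dir="$1"
  rm -rf "$dir"
  mkdir -p "$dir"
  git -C "$dir" init -q
  printf 'DB_HOST=db.internal\nAWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE12\n' > "$dir/.env"
  git -C "$dir" add .env
  git -C "$dir" -c user.name=demo -c user.email=demo@example.invalid \
    commit -q -m 'initial config'
  git -C "$dir" rm -q .env
  git -C "$dir" -c user.name=demo -c user.email=demo@example.invalid \
    commit -q -m 'remove secrets from repo'
}

main() {
  local demo
  demo=$(mktemp -d)
  build_demo_repo "$demo/leaky"
  if [ -e "$demo/leaky/.env" ]; then echo "HEAD still has .env"; else echo "HEAD is clean: .env was deleted"; fi
  echo "Historical matches for an AWS access key id pattern:"
  scan_history "$demo/leaky" 'AKIA[0-9A-Z]{16}'
  rm -rf "$demo"
}

main "$@"
```

Point `scan_history` at a clone made with `git clone --mirror` (or at `--all` after fetching every remote branch) so that branches and tags that are not checked out are covered too; a pattern list for common token formats can be looped over in the same way.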

5. Non technical item of the week

This is a good talk about depression and mental illness by a hacker. It might help if you suffer from these kinds of issues.
Also, if you are a remote worker in InfoSec, you might want to read this article from Danny Akacki too: Working from home is great, ’till it ain’t. No-one is immune to depression!

Writeups

You can find the latest bug bounty writeups in our dedicated page: List of bug bounty writeups.
Only writeups that did not make it to this selection are listed below. This does not mean that they aren’t worth reading, just that they are not BUG BOUNTY writeups. We will soon post more details about our curation process.

Non technical

Tweets

For all those that asked the question about giving up full time bug bounty hunting. I will share in the next days. Some may relate, others won't. I don't care either way :) between ALL BBP's I have cleared well over $1,250,000. I have one goal to hit, and need to do it asap :)

More tweets (Tips)

Just found an interesting bug... can you invite other users (via email usually) to xyz? Try the invite link on a different account and see what happens. In my case, it auto leaked my other account's email to me. (no prompts to accept invite, didn't validate user) #BugBountyTips

How I just found this WAF bypass and multiple XSS in minutes on a fresh program? Scanned subdomains, then ran common parameters with XSS payloads on each index page. Be surprised how many easy low hanging fruit bugs you'll find :) #BugBountyTips

#BountyProTip : Not really a genius trick or anything but when you discover a subdomain that doesn't have any content in the web root, make sure to Google the subdomain for cached URI paths (in addition to checking https://t.co/LM3Ls2jfCF)

Red tip #326: WHOIS Protection in place on domains? Try to get WHOIS information from the Autonomous System Number, then use that to perform reverse WHOIS to find additional domains. https://t.co/Z2mHFB4ZRH

Pro tip: when testing for authorization issues using different profiles/browsers going through the same proxy, set a unique canary in the user agent property of one of them. Then in Burp -> Search for that canary -> Highlight all #bugbountytip
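The canary trick above is about telling two sessions apart once they share one proxy history. The script below is an added example, not the tweet author's code and not a Burp feature: it applies the same idea to a proxy export, tags each captured request by the canary found in its User-Agent, buckets the history per account, and then lists object paths that both accounts fetched successfully, which is exactly the set a tester would review by hand for IDOR and other horizontal authorization issues. The canary values, hostnames, paths and HTTP exchanges are all constructed for the example.

```python
"""Added example (not from the tweet's author, not Burp code): separate one
mixed proxy history into per-account buckets using a User-Agent canary, then
list object paths that both accounts could fetch. All sample data is constructed."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One canary per browser profile. The values are arbitrary assumptions for the
# example; in practice anything that never occurs naturally in a UA string works.
CANARIES: Dict[str, str] = {
    "alice": "canary-alice-7f3a",  # account whose objects we try to reach
    "bob": "canary-bob-c21e",      # second, unrelated account
}


@dataclass
class Exchange:
    """One request/response pair as a proxy would record it."""
    method: str
    path: str
    headers: Dict[str, str]
    status: int


def parse_exchange(raw_request: str, status: int) -> Exchange:
    """Parse the head of a raw HTTP/1.x request (request line plus headers)."""
    lines = raw_request.strip().splitlines()
    method, path, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the headers; the body is not needed here
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return Exchange(method, path, headers, status)


def tag_by_canary(ex: Exchange, canaries: Dict[str, str] = CANARIES) -> Optional[str]:
    """Return the account label whose canary appears in the User-Agent, else None."""
    ua = ex.headers.get("user-agent", "")
    for label, canary in canaries.items():
        if canary in ua:
            return label
    return None


def group_by_account(exchanges: List[Exchange],
                     canaries: Dict[str, str] = CANARIES) -> Dict[str, List[Exchange]]:
    """Bucket a mixed history per account; 'untagged' collects traffic without a
    canary (browser extensions, OS background requests, other tabs)."""
    groups: Dict[str, List[Exchange]] = {label: [] for label in canaries}
    groups["untagged"] = []
    for ex in exchanges:
        groups[tag_by_canary(ex, canaries) or "untagged"].append(ex)
    return groups


# A path segment that is purely numeric is treated as an object identifier.
_OBJECT_ID = re.compile(r"/\d+(?=/|\?|$)")


def shared_object_access(groups: Dict[str, List[Exchange]], owner: str, other: str) -> List[str]:
    """Object paths that `owner` fetched with 2xx and `other` ALSO fetched with 2xx.
    Each is an authorization candidate (an IDOR unless the object is genuinely
    shared) and still needs manual review of the response contents."""
    def ok_paths(label: str) -> set:
        return {ex.path for ex in groups[label]
                if 200 <= ex.status < 300 and _OBJECT_ID.search(ex.path)}
    return sorted(ok_paths(owner) & ok_paths(other))


# --- constructed sample history -------------------------------------------
_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"


def _req(path: str, account: Optional[str]) -> str:
    """Build a raw GET request; the canary is appended to the UA of tagged profiles."""
    ua = _UA + (" " + CANARIES[account] if account else "")
    return f"GET {path} HTTP/1.1\nHost: app.example\nUser-Agent: {ua}\nCookie: session={account or 'none'}\n"


SAMPLE_HISTORY: List[Exchange] = [
    parse_exchange(_req("/api/users/1001/profile", "alice"), 200),
    parse_exchange(_req("/api/users/1001/invoices/77", "alice"), 200),
    parse_exchange(_req("/api/users/2002/profile", "bob"), 200),
    parse_exchange(_req("/api/users/1001/profile", "bob"), 200),      # cross-account hit
    parse_exchange(_req("/api/users/1001/invoices/77", "bob"), 403),  # correctly denied
    parse_exchange(_req("/favicon.ico", None), 200),                  # untagged noise
]

if __name__ == "__main__":
    buckets = group_by_account(SAMPLE_HISTORY)
    for label, items in buckets.items():
        print(f"{label}: {len(items)} request(s)")
    print("review:", shared_object_access(buckets, owner="alice", other="bob"))
```

Feeding a real export means replacing `SAMPLE_HISTORY` with the parsed request/response pairs from your proxy; the rest of the logic is unchanged, and the `untagged` bucket is a quick way to confirm that every profile really carries its canary.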